
Unit 6:

Malicious programs and Protection

Prepared By:
Aakriti Neupane
Aishwarya Shrestha
What is a Virus?

A computer virus is a computer program that can copy itself and infect a
computer without the permission or knowledge of the user.

A virus is program code that attaches itself to an application program; when
the application program runs, the virus runs along with it.

What is a Worm?

A worm is a special kind of computer virus that propagates by self-replication
over a computer network. This propagation can be either via e-mail or other
means such as files being copied over a network.
Worms Working principle

Worms normally move via the network and infect other machines through the
computers that are connected to the network.

A worm can expand from a single copy to many at a very fast rate.

It may delete some system files; it may send junk mails to the user.
Virus Working principle

A virus needs a host program, for example, a forwarded mail, through which
it comes as an attachment.

After the user downloads the attachment, the virus gets installed on the user's
computer.

After that, it might corrupt or delete data on the computer, use the e-mail
program to spread itself to other computers, or even erase everything on the
hard disk.

It causes erratic behavior and can result in system crashes.


Types of Computer Viruses

Browser Hijacker

It alters your computer's browser settings, taking over parts of the internet
browser you are using, so that you are redirected to web sites that you had no
intention of visiting.

Browser hijackers are created purposely for marketing, commercial and publicity
purposes. Their purpose is to increase advertisement revenue by bringing traffic
to certain web pages. A well-known example is CoolWebSearch, one of the most
well-known pieces of malware for hijacking your browser.
Directory Virus (Cluster Virus)
This virus works by infecting the directory of your computer and changing the
path that indicates a file's location. These viruses infect the entire directory
but are usually found in a location on the disk. They are activated when a
user opens an email attachment with an .exe or .com extension. They make it
difficult to locate your files, and it may seem that files have disappeared.

Overwrite Virus
These types of viruses delete any information in a file they infect, leaving
the file partially or completely useless once it is infected. Once in the
computer, they replace all the file content, but the file size doesn't
change.
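Because an overwrite leaves the file size unchanged, a size comparison will not reveal it, but a content hash will. The following is an added example, not part of the original slides: a small integrity baseline in Python, where the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(paths):
    """Record size and SHA-256 of each file while the system is known-good."""
    return {p: {"size": os.path.getsize(p), "sha256": sha256_of(p)} for p in paths}


def check_against_baseline(baseline):
    """Return {path: finding} for files that are missing or whose content changed."""
    findings = {}
    for path, known in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        if sha256_of(path) != known["sha256"]:
            same_size = os.path.getsize(path) == known["size"]
            findings[path] = "content changed, size " + ("unchanged" if same_size else "changed")
    return findings


def demo():
    """Constructed sample: replace one file's bytes with same-length data, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, n) for n in ("report.txt", "notes.txt")]
        original = b"quarterly figures: 1200, 1350, 1410\n"
        for path, data in zip(paths, (original, b"untouched file\n")):
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = take_baseline(paths)
        # Simulate the overwrite described above: same length, different bytes.
        with open(paths[0], "wb") as fh:
            fh.write(b"\x00" * len(original))
        return {os.path.basename(p): f for p, f in check_against_baseline(baseline).items()}


if __name__ == "__main__":
    print(demo())
```

The baseline itself has to be stored where the monitored system cannot modify it, otherwise it can be rewritten along with the files.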
Trojan

A Trojan, or Trojan horse, is sent to your computer by a program that it is
hidden inside. Trojans do not replicate by infecting other files or
computers. Instead, they survive by going unnoticed. They may sit
quietly in your computer, collecting information or setting up holes in
your security, or they may just take over your computer and lock you out.

Trojans can illegally trace important login details of users online. For
example, e-banking is very common among users, so your login details are
vulnerable to tracing whenever your PC is working without a strong
antivirus installed. Trojans are a top tool of cyber thieves who steal your
financial and personal data for profit.

A Trojan can also turn your computer into a zombie: sometimes a hacker isn't
interested in you, but just wants to use your computer as a slave in a network
under his or her control.
Memory Resident Virus

It is malicious code that installs itself in memory and then infects future
programs. It finds a way to load into the computer's RAM and then infects
the executable files that are opened by the user when certain conditions
are met. When the operating system runs, the virus gets activated and
every file that is opened gets infected. Even after execution of the
malicious code, the virus stays hidden in RAM. This virus corrupts
programs and files that are used in any way.
Rabbit and bacteria

Bacteria (also known as rabbit programs) are a type of malware that creates
many instances of itself and runs them simultaneously in order to
consume large amounts of system resources.

This creates a denial-of-service effect, as legitimate programs may no longer
be able to run, or at least may not run properly.
Defenses

Defending against malicious logic takes advantage of several different
characteristics of malicious logic to detect, or to block, its execution.

Sandboxing
Sandboxes and virtual machines implicitly restrict process rights.

A common implementation of this approach is to restrict the program by
modifying it.
Special instructions inserted into the object code cause traps whenever
an instruction violates the security policy.
If the executable dynamically loads libraries, special libraries with the
desired restrictions replace the standard libraries.


Information flow metrics

Define the flow distance metric fd(x) for some information x as follows:
Initially, all information has fd(x) = 0.
Whenever x is shared, fd(x) increases by 1.
Whenever x is used as input to a computation, the flow distance of the
output is the maximum of the flow distances of the inputs.
Information is accessible only while its flow distance is less than some
particular value.
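The four rules above can be traced in a few lines of Python. This is an added illustration, not code from the original slides; the limit of 2, the user names and the choice to model sharing as handing out a copy with fd(x) + 1 are assumptions made for the example.

```python
class Info:
    """A piece of information x together with its flow distance fd(x)."""

    def __init__(self, name, fd=0):
        self.name = name
        self.fd = fd  # initially, all information has fd(x) = 0


class FlowDistancePolicy:
    """Information is accessible only while fd(x) < limit (limit is an assumption)."""

    def __init__(self, limit):
        self.limit = limit

    def accessible(self, info):
        return info.fd < self.limit

    def share(self, info, recipient):
        """Model sharing as handing out a copy whose flow distance is fd(x) + 1."""
        if not self.accessible(info):
            raise PermissionError(f"{info.name}: fd={info.fd} is not below {self.limit}")
        return Info(f"{info.name}@{recipient}", info.fd + 1)

    def compute(self, name, *inputs):
        """The output's flow distance is the maximum over the inputs."""
        blocked = [i.name for i in inputs if not self.accessible(i)]
        if blocked:
            raise PermissionError(f"inputs not accessible: {blocked}")
        return Info(name, max(i.fd for i in inputs))


def demo(limit=2):
    """Constructed scenario with hypothetical users bill, cathy and dave."""
    policy = FlowDistancePolicy(limit)
    program = Info("program")                               # fd = 0
    at_bill = policy.share(program, "bill")                 # fd = 1
    derived = policy.compute("derived", at_bill, Info("bill_data"))  # max(1, 0) = 1
    at_cathy = policy.share(at_bill, "cathy")               # fd = 2, no longer < limit
    try:
        policy.share(at_cathy, "dave")
        onward = "allowed"
    except PermissionError:
        onward = "denied"
    return {"bill": at_bill.fd, "derived": derived.fd, "cathy": at_cathy.fd,
            "cathy_can_use": policy.accessible(at_cathy), "cathy_to_dave": onward}


if __name__ == "__main__":
    print(demo())
```

With a limit of 2, the copy that reaches the second recipient is already unusable, which is how the metric bounds how far an infected program can travel by sharing.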
Example
Reducing the Rights
Malicious logic altering files
Proof carrying code
Notion of trust
Security

The system can best be protected by keeping it up to date and installing the
security patches provided by operating system and application vendors.

Computer worms which spread through emails can best be defended against by
not opening attachments in e-mail, especially .exe files and files from unknown
sources.

Anti-virus and anti-spyware software must be used, but it needs to be kept
up to date.

Also, while downloading a file from the internet, many other pop-ups appear,
which might have spyware. So it is advisable not to click on or install such a
toolbar unless the user is sure about the working of the toolbar.
What is Anti-Virus Software?

Anti-virus software is a type of utility designed to prevent, search for,
detect, and remove software viruses and other malicious software like
worms, Trojans, adware, and more.

Its primary purpose is to protect computers from viruses.

The automatic scan may check files that are downloaded from the Internet,
discs that are inserted into the computer, and files that are created by
software installers. The automatic scan may also scan the entire hard drive on
a regular basis.

The manual scan option allows you to scan individual files or your entire
system whenever you feel it is necessary.
Antivirus programs must keep an updated database of virus types.

This database includes a list of "virus definitions" that the antivirus software
references when scanning files. Since new viruses are frequently distributed, it
is important to keep your software's virus database up-to-date.
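To make the role of the definitions database concrete, here is an added example (not from the original slides) of a byte-pattern scanner run with an old and an updated set of definitions. The definition names, patterns and sample buffers are all constructed; real products use far richer signatures and heuristics.

```python
import io

# Constructed definitions: names and byte patterns are made up for this example.
DEFINITIONS_V1 = {"Sample.A": b"\xaa\xbbSAMPLE-A\xcc\xdd"}
DEFINITIONS_V2 = {**DEFINITIONS_V1, "Sample.B": b"\x11\x22SAMPLE-B\x33\x44"}


def scan_stream(stream, definitions, chunk_size=16):
    """Return sorted names of definitions whose pattern occurs in the stream.

    The stream is read in chunks; the last (longest pattern - 1) bytes of each
    window are carried over so a pattern split across two reads is still found.
    """
    if not definitions:
        return []
    overlap = max(len(p) for p in definitions.values()) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        found.update(name for name, pattern in definitions.items() if pattern in window)
        tail = window[-overlap:] if overlap > 0 else b""
    return sorted(found)


def demo():
    """Scan three constructed buffers with the old and the updated definitions."""
    samples = {
        "clean": b"." * 40,
        "a": b"." * 10 + DEFINITIONS_V1["Sample.A"] + b"." * 10,  # straddles a 16-byte read
        "b": b"." * 10 + DEFINITIONS_V2["Sample.B"] + b"." * 10,
    }
    return {
        version: {name: scan_stream(io.BytesIO(data), defs) for name, data in samples.items()}
        for version, defs in (("v1", DEFINITIONS_V1), ("v2", DEFINITIONS_V2))
    }


if __name__ == "__main__":
    print(demo())
```

The buffer containing the second pattern passes as clean under the older definitions and is flagged only after the update, which is the reason the database must be kept current.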

Examples of common antivirus programs include Norton Antivirus, Kaspersky
Anti-Virus, AVG.
Features of Antivirus

Not all antivirus utilities are created equal: some offer more features:

Virus Detection
The primary function of antivirus software is to detect and remove computer
viruses. This is typically done by scanning files on your computer and comparing
data in the files to a data.

Alerts
Most antivirus programs have the ability to alert you when a program is trying to
access your computer. An example would be an online application. Many of the
programs that attempt to access your computer are harmless or downloaded
voluntarily and thus the antivirus program will give you the option of allowing or
preventing the access.
Automatic Updates
Most antivirus programs offer automatic updates. Automatic updating is
important because an out of date antivirus program will not be able to
detect the newest viruses. Moreover, if an antivirus program only offers
manual updates you may forget to update the antivirus program and your
computer may become infected with a new virus.

Real-time Protection
Most antivirus programs offer real-time protection. This means that the
antivirus program protects your computer from incoming threats.
Consequently, even if a virus has not infected your computer you should
consider acquiring an antivirus program for the purpose of preventing
future infections.
Online Security

It helps to keep you safe online. Fraud monitoring and phishing
recognition alert you if someone attempts to access your computer
from a remote location or if a website attempts to redirect your
browser or steal your personal information. Untrustworthy sites or
pages with potentially harmful downloads may be blocked, protecting
your computer by preventing the damaging action before the site can
load.
Always be sure you have the best,
up-to-date security software installed
to protect your computers, laptops, tablets and smartphones.

THANK YOU!
